Is Your Business At Risk? If You Aren't PCI Compliant ... It Is
Imagine this: A customer—we'll call her Mary—purchases a toy in your store with a credit card. Mary's credit card information is temporarily stored in your computer systems. Fred, your clerk, is a little short on rent money this month. Fred accesses your computer systems and steals Mary's card information. Fred sells that information to a willing buyer, and through a complex series of transactions, that cardholder information is eventually obtained by John. John uses Mary's credit card information to go on a weekend vacation to the mountains. Did you know that your bank will make you pay for John's vacation plus hefty fines ($50,000, $100,000 and more)?
And this is just one card—and one vacation. How much could this cost you if Fred takes information from many customers because he's always short on rent money?
If your systems are not PCI-compliant, your business is at extreme financial risk. Get, and keep, your CounterPoint system PCI-compliant with the CounterPoint Subscription Service.
When your customer pays you with a credit card—in-store, online, or by phone—you collect cardholder information. You need to protect that information.
Visa enforces strict guidelines for the Cardholder Information Security Program (PCI) for any system that accepts credit cards. PCI ensures that cardholder information is secure and protected against theft.
As a merchant who accepts credit cards, you are responsible for adequately securing your customers' cardholder information wherever it resides—on your computers, in a drawer, or in a filing cabinet. If you fail to do so, Visa and your bank—under the terms of your Merchant Processing Agreement—can hold you accountable for fines, and for any losses they suffer from the fraudulent use of cardholder data obtained from your business.
CounterPoint V7 and CounterPoint SQL are approved by Visa as PCI-Validated Payment Applications. CPGateway and CPOnline comply with the Payment Card Industry's (PCI) Data Security Standards and are approved by Visa as PCI-Compliant Service Providers.
As PCI-Validated Payment Applications, CounterPoint V7 and CounterPoint SQL adhere to all Cardholder Information Security Program (PCI) and Payment Application Best Practices (PABP) guidelines. In addition, both versions of CounterPoint include numerous features that enable merchants to implement a fully PCI-compliant system.
CounterPoint's PCI-compliant security features include:
Password security settings support PCI-compliant password policies.
All passwords and credit card numbers are encrypted.
Full credit card numbers are not displayed or printed; all card numbers are masked to display only the first 6 and the last 4 digits.
Magnetic stripe track data is not retained in the CounterPoint database.
CVV2/CVC2/CID data (i.e., verification numbers printed on each card) is not retained.
Retention of full credit card numbers in history is optional; full card numbers retained in history are encrypted.
PCI requirements will continue to change. To meet Visa's current and future PCI requirements, you must keep your CounterPoint software up to date.
CounterPoint Subscription Service (CSS) will keep your CounterPoint system compliant with Visa's ever-changing requirements. With CSS, you automatically receive new CounterPoint features and enhancements as they are added to the software.
If your CSS is expired, you can renew online today.
CounterPoint software is only one part of your PCI-compliance obligations. PCI requires that you evaluate your business policies and incorporate security into your business practices. The documentation included with CounterPoint provides specific steps and recommendations for you to ensure PCI compliance. More detailed guidelines describing the 12 basic system requirements are outlined in Payment Card Industry Data Security Standards (PCIDSS). PCIDSS requirements include using current anti-virus software, issuing passwords to your employees, not retaining card magstripe data, using a firewall if your system is connected to the Internet, and so forth.
PCI compliance is a very serious matter. Non-compliance can cost you money, time, and reputation. If your systems are not PCI-compliant, your business is at extreme financial risk. Contact your CounterPoint Business Partner for more information.
If you have additional questions about PCI, contact your CounterPoint Business Partner or give us a call at (800) 852-5852. We'll be happy to assist you.